- scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() {CVE-2023-53803} - md/raid1: Fix stack memory use after return in raid1_reshape {CVE-2025-38445} - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() {CVE-2025-38249} - atm: clip: Fix infinite recursive call of clip_push(). {CVE-2025-38459} - dm cache: free background tracker's queued work in {CVE-2023-53765} - drm/vmwgfx: Validate the box size for the snooped cursor {CVE-2022-36280,CVE-2022-50440} - vsock: Do not allow binding to VMADDR_PORT_ANY {CVE-2025-38618} - ice: set tx_tstamps when creating new Tx rings via ethtool {CVE-2022-50710} - sctp: avoid NULL dereference when chunk data buffer is {CVE-2025-40240} - ip6_vti: fix slab-use-after-free in decode_session6 {CVE-2023-53821} - wifi: mac80211_hwsim: drop short frames {CVE-2023-53321} - ext4: add bounds checking in get_max_inline_xattr_value_size() {CVE-2023-53285} - md/raid10: fix null-ptr-deref in raid10_sync_request {CVE-2023-53832} - dm flakey: fix a crash with invalid table line {CVE-2023-53786} - wifi: mt7601u: fix an integer underflow {CVE-2023-53679} - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode {CVE-2022-50638} - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode - ext4: add helper to check quota inums - ext4: fix bug_on in __es_tree_search caused by bad quota inode - quota: Factor out setup of quota inode - USB: usbtmc: Fix direction for 0-length ioctl control messages {CVE-2023-53761} - ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer {CVE-2023-53395} - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] {CVE-2024-46815} - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition {CVE-2023-1989} - nvmet: avoid potential UAF in nvmet_req_complete() {CVE-2023-53116} - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() {CVE-2022-50258} - dm raid: fix address sanitizer warning in raid_status {CVE-2022-50084} - vt: Clear selection before changing the font {CVE-2022-49948} - ipvs: fix WARNING in ip_vs_app_net_cleanup() {CVE-2022-49917} - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK {CVE-2022-49870} - ata: libata-transport: fix double ata_host_put() in ata_tport_add() {CVE-2022-49826} - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix {CVE-2022-49503} - selinux: Add boundary check in put_entry() {CVE-2022-50200} - rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails {CVE-2023-53307} - RDMA/mlx5: Return the firmware result upon destroying QP/RQ {CVE-2023-53286} - sched/fair: Don't balance task to its current running CPU {CVE-2023-53215} - powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue {CVE-2022-50366} - ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid phys address {CVE-2022-50320} - wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() {CVE-2022-50881} - slcan: Don't transmit uninitialized stack data in padding {CVE-2020-11494} - media: dvb-frontends: avoid stack overflow warnings with clang {CVE-2024-27075} - PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free {CVE-2023-53446} - cifs: Fix warning and UAF when destroy the MR list {CVE-2023-53427} - sctp: fix a potential overflow in sctp_ifwdtsn_skip {CVE-2023-53372} - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter {CVE-2023-53357} - lwt: Fix return values of BPF xmit ops {CVE-2023-53338} - ubi: ensure that VID header offset + VID header size <= alloc, size {CVE-2023-53265} - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() {CVE-2022-50423} - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times {CVE-2022-50419} - ACPICA: Fix error code path in acpi_ds_call_control_method() {CVE-2022-50411} - ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS {CVE-2022-50315} - wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace {CVE-2023-54286}